Skip to main content

Security aspects for Gurobi Instant Cloud

Dan Steffy
Updated

Overview

The Gurobi Instant Cloud simply provisions machines for your use. It does not store any models or data, as everything is removed from the machines the moment they are shut down.

The Gurobi Instant Cloud Manager is designed to streamline the control of the Gurobi Optimizer on the Cloud. With the Gurobi Instant Cloud Manager, both AWS EC2 and Azure instances can be managed. The Instant Cloud Manager consists of the website cloud.gurobi.com and a REST API. The main functions of the Instant Cloud Manager are about configuring, controlling, and monitoring Gurobi compute servers. No optimization model data is communicated with the Instant Cloud Manager.

Please see our main overview here.

Location

Gurobi Instant Cloud can be configured to only use machines in a specific region. For example, the user can select the “EU Central 1” (Frankfurt) region for AWS and the “West Europe” region for Azure in order to provision machines in Europe.

Instant Cloud supports TLS 1.3 or TLS 1.2 only with safe cipher suites. The easiest way to check this is to use an independent TLS/SSL tester with the endpoint cloud.gurobi.com and the desired region router address (please see here and here). 

Authentication

Authentication is based on API keys that can be managed through the Cloud Manager web application (API keys can be created and revoked as needed). A client requests access to a machine pool by sending the API key (access ID, secret key) and the pool name.

See also: Gurobi Instant Cloud - API Keys

Region routers

The region router between the client and server machine with Instant Cloud is a technical measure to have defined endpoints for network communication. Firewalls need to be able to clearly identify endpoints, so this is in fact a security measure as well.

GDPR

Gurobi is not a data processor as defined by the General Data Protection Regulation (GDPR), observed in the European Union and the European Economic Area, provided that Gurobi itself does not access any data that will be provided by the client and processed by the Gurobi solver. Gurobi cannot access client data since the machines on which the data are processed are operated on the AWS EC2 or Azure cloud and are purely controlled by the client. In terms of data processing, Gurobi is not a middle man between the client and AWS/Azure but only acts as a broker. It is the decision of the client whether they enter any personal data into the solver.

Despite the contractual relationship between Gurobi and the client for the Gurobi Instant Cloud, the client could enter into a “GDPR Data Processing Addendum” with AWS or Azure directly to cover data processing on the AWS EC2/Azure cloud.

 

 

Related to

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles